### BART PRENEEL THESIS

Obfuscation for Cryptographic Purposes. Wyseur, and Bart Preneel: Indeed, it does not suffice to only protect an application against extraction of embedded secret keys. On the Im possibility of Obfuscating Programs. Wee [Wee05] presented a provably secure obfuscator for a point function, which can be exploited in practice to construct authentication functionalities.

ITCC 1 , pages Shafi Goldwasser and Yael Tauman Kalai. For example, a scheme is defined CPA-secure if an attacker cannot compute the plaintext from a given ciphertext, or KR-secure when the secret key cannot be recovered. On the Impossibility of Obfuscation with Auxiliary Input. Ran Canetti and Mayank Varia. Similar theoretic approaches have been conceived for white-box cryptography in [Sax09]. On Obfuscating Point Functions.

ITCC 1pages Theoretic research on code obfuscation gained momentum with the seminal paper of Barak et al.

# Bart Preneel | SBA Research

On the Im possibility of Obfuscating Programs. For example, to create the equivalent of a smart-card-based AES encryption function in software, it does not suffice that the white-box implementation resists extraction of its embedded key, but it must also be prenrel to invert.

Similar theoretic approaches have been conceived for white-box cryptography in [Sax09]. Research Academic research in white-box cryptography can be categorized into three activities.

Ran Canetti and Mayank Varia. Obfuscation for Cryptographic Purposes.

A security notion is a formal description of the security of a cryptographic scheme. Wee [Wee05] presented a barr secure obfuscator for a point function, which can be exploited in practice to construct authentication functionalities.

# White-box cryptography

Both have received similar scepticism on its feasibility and lack of theoretic foundations. Jan 13, version: For example, a scheme is defined CPA-secure if an attacker cannot compute the plaintext from a given ciphertext, or KR-secure when the secret key cannot be recovered.

It makes sense to define white-box cryptography accordingly since it reflects more reality. Resources Slides March — slides PhD defense. White-box implementations and cryptanalysis results A selection of the state of the art: Shafi Goldwasser and Yael Tauman Kalai.

On Obfuscating Point Functions. Theory White-box cryptography is often linked with code obfuscation, since both aim to protect software implementations.

## Bart Preneel

Indeed, it does not suffice to only protect an application against extraction of embedded secret keys. Wyseur, and Bart Preneel: Attacking an obfuscated cipher by injecting faults.

Positive Results and Techniques for Obfuscation. The main difference between code obfuscation and white-box cryptography is that the security of the latter needs to be validated with respect to security notions.

Nevertheless, this result does not exclude the existence of secure code obfuscators: On the Impossibility of Obfuscation with Auxiliary Input. Chand Gupta, and G.